IOC Report
login.html

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\login.html |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1776,i,3959098085490163762,14531336400767641844,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 |

URLs

Name | IP | Malicious
file:///C:/Users/user/Desktop/login.html | | malicious

Domains

Name | IP | Malicious
accounts.google.com | 216.58.212.173 |
www.google.com | 142.250.181.228 |
clients.l.google.com | 142.250.186.174 |
clients2.google.com | unknown |

IPs


Memdumps


DOM / HTML

URL
Malicious
file:///C:/Users/user/Desktop/login.html